208309 2020-02-27 07:34:25 -0800 Crash in CSSValue::isPrimitiveValue 2020-03-16 15:10:41 -0700 1 1 1 Unclassified WebKit HTML Editing WebKit Nightly Build Unspecified Unspecified RESOLVED FIXED InRadar P2 Normal --- 1 ajuma webkit-unassigned achristensen bfulgham commit-queue eugenebut ews-feeder pgyanchandani product-security rniwa rohitrao webkit-bug-importer wenson_hsieh oldest_to_newest 1623462 0 391864 ajuma 2020-02-27 07:34:25 -0800 Created attachment 391864 Minimal test case Filing this as a security bug since it was found using a fuzzer; there's no disclosure deadline for this bug. Crash stack: ================================================================= ==37021==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000008 (pc 0x00047109ce22 bp 0x7ffeef071510 sp 0x7ffeef071510 T0) ==37021==The signal is caused by a READ memory access. ==37021==Hint: address points to the zero page. ==37021==WARNING: invalid path to external symbolizer! ==37021==WARNING: Failed to use and restart external symbolizer! #0 0x47109ce21 in WebCore::CSSValue::isPrimitiveValue() const (/Users/chrome-bot/clusterfuzz/bot/builds/mac_asan_webkit/custom/Release/WebCore.framework/Versions/A/WebCore:x86_64+0x196e21) #1 0x47108032d in WTF::match_constness<WebCore::CSSValue, WebCore::CSSPrimitiveValue>::type& WTF::downcast<WebCore::CSSPrimitiveValue, WebCore::CSSValue>(WebCore::CSSValue&) (/Users/chrome-bot/clusterfuzz/bot/builds/mac_asan_webkit/custom/Release/WebCore.framework/Versions/A/WebCore:x86_64+0x17a32d) #2 0x47412a086 in WebCore::ApplyStyleCommand::computedFontSize(WebCore::Node*) (/Users/chrome-bot/clusterfuzz/bot/builds/mac_asan_webkit/custom/Release/WebCore.framework/Versions/A/WebCore:x86_64+0x3224086) #3 0x474126a8b in WebCore::ApplyStyleCommand::applyRelativeFontStyleChange(WebCore::EditingStyle*) (/Users/chrome-bot/clusterfuzz/bot/builds/mac_asan_webkit/custom/Release/WebCore.framework/Versions/A/WebCore:x86_64+0x3220a8b) #4 0x474125246 in WebCore::ApplyStyleCommand::doApply() (/Users/chrome-bot/clusterfuzz/bot/builds/mac_asan_webkit/custom/Release/WebCore.framework/Versions/A/WebCore:x86_64+0x321f246) #5 0x47411c476 in WebCore::CompositeEditCommand::apply() (/Users/chrome-bot/clusterfuzz/bot/builds/mac_asan_webkit/custom/Release/WebCore.framework/Versions/A/WebCore:x86_64+0x3216476) #6 0x47418658c in WebCore::Editor::applyStyle(WTF::RefPtr<WebCore::EditingStyle, WTF::DumbPtrTraits<WebCore::EditingStyle> >&&, WebCore::EditAction, WebCore::Editor::ColorFilterMode) (/Users/chrome-bot/clusterfuzz/bot/builds/mac_asan_webkit/custom/Release/WebCore.framework/Versions/A/WebCore:x86_64+0x328058c) #7 0x4741ce885 in WebCore::applyCommandToFrame(WebCore::Frame&, WebCore::EditorCommandSource, WebCore::EditAction, WTF::Ref<WebCore::EditingStyle, WTF::DumbPtrTraits<WebCore::EditingStyle> >&&) (/Users/chrome-bot/clusterfuzz/bot/builds/mac_asan_webkit/custom/Release/WebCore.framework/Versions/A/WebCore:x86_64+0x32c8885) #8 0x4741ce72b in WebCore::executeApplyStyle(WebCore::Frame&, WebCore::EditorCommandSource, WebCore::EditAction, WebCore::CSSPropertyID, WTF::String const&) (/Users/chrome-bot/clusterfuzz/bot/builds/mac_asan_webkit/custom/Release/WebCore.framework/Versions/A/WebCore:x86_64+0x32c872b) #9 0x473e59c91 in WebCore::Document::execCommand(WTF::String const&, bool, WTF::String const&) (/Users/chrome-bot/clusterfuzz/bot/builds/mac_asan_webkit/custom/Release/WebCore.framework/Versions/A/WebCore:x86_64+0x2f53c91) #10 0x471913800 in WebCore::jsDocumentPrototypeFunctionExecCommandBody(JSC::JSGlobalObject*, JSC::CallFrame*, WebCore::JSDocument*, JSC::ThrowScope&) (/Users/chrome-bot/clusterfuzz/bot/builds/mac_asan_webkit/custom/Release/WebCore.framework/Versions/A/WebCore:x86_64+0xa0d800) #11 0x4717d0625 in long long WebCore::IDLOperation<WebCore::JSDocument>::call<&(WebCore::jsDocumentPrototypeFunctionExecCommandBody(JSC::JSGlobalObject*, JSC::CallFrame*, WebCore::JSDocument*, JSC::ThrowScope&)), (WebCore::CastedThisErrorBehavior)0>(JSC::JSGlobalObject&, JSC::CallFrame&, char const*) (/Users/chrome-bot/clusterfuzz/bot/builds/mac_asan_webkit/custom/Release/WebCore.framework/Versions/A/WebCore:x86_64+0x8ca625) #12 0x2a06fda01177 (<unknown module>) #13 0x48ba6745b in llint_entry (/Users/chrome-bot/clusterfuzz/bot/builds/mac_asan_webkit/custom/Release/JavaScriptCore.framework/Versions/A/JavaScriptCore:x86_64+0xa8c45b) #14 0x48ba503d8 in vmEntryToJavaScript (/Users/chrome-bot/clusterfuzz/bot/builds/mac_asan_webkit/custom/Release/JavaScriptCore.framework/Versions/A/JavaScriptCore:x86_64+0xa753d8) #15 0x48d07440d in JSC::Interpreter::executeProgram(JSC::SourceCode const&, JSC::JSGlobalObject*, JSC::JSObject*) (/Users/chrome-bot/clusterfuzz/bot/builds/mac_asan_webkit/custom/Release/JavaScriptCore.framework/Versions/A/JavaScriptCore:x86_64+0x209940d) #16 0x48d7263fb in JSC::evaluate(JSC::JSGlobalObject*, JSC::SourceCode const&, JSC::JSValue, WTF::NakedPtr<JSC::Exception>&) (/Users/chrome-bot/clusterfuzz/bot/builds/mac_asan_webkit/custom/Release/JavaScriptCore.framework/Versions/A/JavaScriptCore:x86_64+0x274b3fb) #17 0x48d7266cc in JSC::profiledEvaluate(JSC::JSGlobalObject*, JSC::ProfilingReason, JSC::SourceCode const&, JSC::JSValue, WTF::NakedPtr<JSC::Exception>&) (/Users/chrome-bot/clusterfuzz/bot/builds/mac_asan_webkit/custom/Release/JavaScriptCore.framework/Versions/A/JavaScriptCore:x86_64+0x274b6cc) #18 0x47386dcd3 in WebCore::JSExecState::profiledEvaluate(JSC::JSGlobalObject*, JSC::ProfilingReason, JSC::SourceCode const&, JSC::JSValue, WTF::NakedPtr<JSC::Exception>&) (/Users/chrome-bot/clusterfuzz/bot/builds/mac_asan_webkit/custom/Release/WebCore.framework/Versions/A/WebCore:x86_64+0x2967cd3) #19 0x47386d4fb in WebCore::ScriptController::evaluateInWorld(WebCore::ScriptSourceCode const&, WebCore::DOMWrapperWorld&) (/Users/chrome-bot/clusterfuzz/bot/builds/mac_asan_webkit/custom/Release/WebCore.framework/Versions/A/WebCore:x86_64+0x29674fb) #20 0x47386d10c in WebCore::ScriptController::evaluateInWorldIgnoringException(WebCore::ScriptSourceCode const&, WebCore::DOMWrapperWorld&) (/Users/chrome-bot/clusterfuzz/bot/builds/mac_asan_webkit/custom/Release/WebCore.framework/Versions/A/WebCore:x86_64+0x296710c) #21 0x474049481 in WebCore::ScriptElement::executeClassicScript(WebCore::ScriptSourceCode const&) (/Users/chrome-bot/clusterfuzz/bot/builds/mac_asan_webkit/custom/Release/WebCore.framework/Versions/A/WebCore:x86_64+0x3143481) #22 0x474046490 in WebCore::ScriptElement::prepareScript(WTF::TextPosition const&, WebCore::ScriptElement::LegacyTypeSupport) (/Users/chrome-bot/clusterfuzz/bot/builds/mac_asan_webkit/custom/Release/WebCore.framework/Versions/A/WebCore:x86_64+0x3140490) #23 0x4746f528e in WebCore::HTMLScriptRunner::runScript(WebCore::ScriptElement&, WTF::TextPosition const&) (/Users/chrome-bot/clusterfuzz/bot/builds/mac_asan_webkit/custom/Release/WebCore.framework/Versions/A/WebCore:x86_64+0x37ef28e) #24 0x4746f4f64 in WebCore::HTMLScriptRunner::execute(WTF::Ref<WebCore::ScriptElement, WTF::DumbPtrTraits<WebCore::ScriptElement> >&&, WTF::TextPosition const&) (/Users/chrome-bot/clusterfuzz/bot/builds/mac_asan_webkit/custom/Release/WebCore.framework/Versions/A/WebCore:x86_64+0x37eef64) #25 0x4746d535c in WebCore::HTMLDocumentParser::runScriptsForPausedTreeBuilder() (/Users/chrome-bot/clusterfuzz/bot/builds/mac_asan_webkit/custom/Release/WebCore.framework/Versions/A/WebCore:x86_64+0x37cf35c) #26 0x4746d59f4 in WebCore::HTMLDocumentParser::pumpTokenizerLoop(WebCore::HTMLDocumentParser::SynchronousMode, bool, WebCore::PumpSession&) (/Users/chrome-bot/clusterfuzz/bot/builds/mac_asan_webkit/custom/Release/WebCore.framework/Versions/A/WebCore:x86_64+0x37cf9f4) #27 0x4746d49dd in WebCore::HTMLDocumentParser::pumpTokenizer(WebCore::HTMLDocumentParser::SynchronousMode) (/Users/chrome-bot/clusterfuzz/bot/builds/mac_asan_webkit/custom/Release/WebCore.framework/Versions/A/WebCore:x86_64+0x37ce9dd) #28 0x4746d6859 in WebCore::HTMLDocumentParser::append(WTF::RefPtr<WTF::StringImpl, WTF::DumbPtrTraits<WTF::StringImpl> >&&) (/Users/chrome-bot/clusterfuzz/bot/builds/mac_asan_webkit/custom/Release/WebCore.framework/Versions/A/WebCore:x86_64+0x37d0859) #29 0x473e1985a in WebCore::DecodedDataDocumentParser::flush(WebCore::DocumentWriter&) (/Users/chrome-bot/clusterfuzz/bot/builds/mac_asan_webkit/custom/Release/WebCore.framework/Versions/A/WebCore:x86_64+0x2f1385a) #30 0x474ac48b4 in WebCore::DocumentWriter::end() (/Users/chrome-bot/clusterfuzz/bot/builds/mac_asan_webkit/custom/Release/WebCore.framework/Versions/A/WebCore:x86_64+0x3bbe8b4) #31 0x474ac31a8 in WebCore::DocumentLoader::finishedLoading() (/Users/chrome-bot/clusterfuzz/bot/builds/mac_asan_webkit/custom/Release/WebCore.framework/Versions/A/WebCore:x86_64+0x3bbd1a8) #32 0x474ac2dee in WebCore::DocumentLoader::notifyFinished(WebCore::CachedResource&) (/Users/chrome-bot/clusterfuzz/bot/builds/mac_asan_webkit/custom/Release/WebCore.framework/Versions/A/WebCore:x86_64+0x3bbcdee) #33 0x474c50927 in WebCore::CachedResource::checkNotify() (/Users/chrome-bot/clusterfuzz/bot/builds/mac_asan_webkit/custom/Release/WebCore.framework/Versions/A/WebCore:x86_64+0x3d4a927) #34 0x474c4cac8 in WebCore::CachedRawResource::finishLoading(WebCore::SharedBuffer*) (/Users/chrome-bot/clusterfuzz/bot/builds/mac_asan_webkit/custom/Release/WebCore.framework/Versions/A/WebCore:x86_64+0x3d46ac8) #35 0x474bd0cde in WebCore::SubresourceLoader::didFinishLoading(WebCore::NetworkLoadMetrics const&) (/Users/chrome-bot/clusterfuzz/bot/builds/mac_asan_webkit/custom/Release/WebCore.framework/Versions/A/WebCore:x86_64+0x3ccacde) #36 0x1022e7ca6 in WebKit::WebResourceLoader::didFinishResourceLoad(WebCore::NetworkLoadMetrics const&) (/Users/chrome-bot/clusterfuzz/bot/builds/mac_asan_webkit/custom/Release/WebKit.framework/Versions/A/WebKit:x86_64+0x1754ca6) #37 0x1029e9547 in void IPC::handleMessage<Messages::WebResourceLoader::DidFinishResourceLoad, WebKit::WebResourceLoader, void (WebKit::WebResourceLoader::*)(WebCore::NetworkLoadMetrics const&)>(IPC::Decoder&, WebKit::WebResourceLoader*, void (WebKit::WebResourceLoader::*)(WebCore::NetworkLoadMetrics const&)) (/Users/chrome-bot/clusterfuzz/bot/builds/mac_asan_webkit/custom/Release/WebKit.framework/Versions/A/WebKit:x86_64+0x1e56547) #38 0x1029e8649 in WebKit::WebResourceLoader::didReceiveWebResourceLoaderMessage(IPC::Connection&, IPC::Decoder&) (/Users/chrome-bot/clusterfuzz/bot/builds/mac_asan_webkit/custom/Release/WebKit.framework/Versions/A/WebKit:x86_64+0x1e55649) #39 0x1022a4334 in WebKit::NetworkProcessConnection::didReceiveMessage(IPC::Connection&, IPC::Decoder&) (/Users/chrome-bot/clusterfuzz/bot/builds/mac_asan_webkit/custom/Release/WebKit.framework/Versions/A/WebKit:x86_64+0x1711334) #40 0x100c1898a in IPC::Connection::dispatchMessage(IPC::Decoder&) (/Users/chrome-bot/clusterfuzz/bot/builds/mac_asan_webkit/custom/Release/WebKit.framework/Versions/A/WebKit:x86_64+0x8598a) #41 0x100c1967a in IPC::Connection::dispatchMessage(std::__1::unique_ptr<IPC::Decoder, std::__1::default_delete<IPC::Decoder> >) (/Users/chrome-bot/clusterfuzz/bot/builds/mac_asan_webkit/custom/Release/WebKit.framework/Versions/A/WebKit:x86_64+0x8667a) #42 0x100c1a2b8 in IPC::Connection::dispatchOneIncomingMessage() (/Users/chrome-bot/clusterfuzz/bot/builds/mac_asan_webkit/custom/Release/WebKit.framework/Versions/A/WebKit:x86_64+0x872b8) #43 0x48b098679 in WTF::RunLoop::performWork() (/Users/chrome-bot/clusterfuzz/bot/builds/mac_asan_webkit/custom/Release/JavaScriptCore.framework/Versions/A/JavaScriptCore:x86_64+0xbd679) #44 0x48b09925a in WTF::RunLoop::performWork(void*) (/Users/chrome-bot/clusterfuzz/bot/builds/mac_asan_webkit/custom/Release/JavaScriptCore.framework/Versions/A/JavaScriptCore:x86_64+0xbe25a) #45 0x7fff338f631a in __CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__ (/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation:x86_64+0x5731a) #46 0x7fff338f62c0 in __CFRunLoopDoSource0 (/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation:x86_64+0x572c0) #47 0x7fff338da1ba in __CFRunLoopDoSources0 (/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation:x86_64+0x3b1ba) #48 0x7fff338d9782 in __CFRunLoopRun (/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation:x86_64+0x3a782) #49 0x7fff338d9084 in CFRunLoopRunSpecific (/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation:x86_64+0x3a084) #50 0x7fff35b4da9e in -[NSRunLoop(NSRunLoop) runMode:beforeDate:] (/System/Library/Frameworks/Foundation.framework/Versions/C/Foundation:x86_64+0x1ca9e) #51 0x7fff35b4d973 in -[NSRunLoop(NSRunLoop) run] (/System/Library/Frameworks/Foundation.framework/Versions/C/Foundation:x86_64+0x1c973) #52 0x7fff5ffc51d6 in _xpc_objc_main (/usr/lib/system/libxpc.dylib:x86_64+0x111d6) #53 0x7fff5ffc4cd8 in xpc_main (/usr/lib/system/libxpc.dylib:x86_64+0x10cd8) #54 0x101497465 in WebKit::XPCServiceMain(int, char const**) (/Users/chrome-bot/clusterfuzz/bot/builds/mac_asan_webkit/custom/Release/WebKit.framework/Versions/A/WebKit:x86_64+0x904465) #55 0x7fff5fd923d4 in start (/usr/lib/system/libdyld.dylib:x86_64+0x163d4) ==37021==Register values: rax = 0x0000000000000000 rbx = 0x0000000000000000 rcx = 0x0000100000000001 rdx = 0x0000000000000009 rdi = 0x0000000000000008 rsi = 0x00007ffeef071580 rbp = 0x00007ffeef071510 rsp = 0x00007ffeef071510 r8 = 0x0000100000000000 r9 = 0x0000000000000000 r10 = 0xffffffffffffffff r11 = 0x00000fffffffffff r12 = 0x00007ffeef071560 r13 = 0x00007ffeef071580 r14 = 0x00007ffeef071540 r15 = 0x00001fffdde0e2a8 1623463 1 webkit-bug-importer 2020-02-27 07:34:37 -0800 <rdar://problem/59846646> 1629697 2 eugenebut 2020-03-13 10:49:12 -0700 Ali helped to debug this issue. Crash happens inside ApplyStyleCommand::computedFontSize, because |value| variable is null: float ApplyStyleCommand::computedFontSize(Node* node) { if (!node) return 0; auto value = ComputedStyleExtractor(node).propertyValue(CSSPropertyFontSize); return downcast<CSSPrimitiveValue>(*value).floatValue(CSSPrimitiveValue::CSS_PX); } |node| is WebCoreText with whitespace value (" "), but the browser also crashes with non-whitespace text. |node| has a parent (HTMLTextAreaElement), and that parent has shadow root, but shadow root does not have an assigned slot: inline ComposedTreeAncestorIterator& ComposedTreeAncestorIterator::traverseParent() { auto* parent = m_current->parentNode(); ... if (auto* shadowRoot = parent->shadowRoot()) { m_current = shadowRoot->findAssignedSlot(*m_current); return *this; } The fact that HTMLTextAreaElement has shadow root seems correct: Ref<HTMLTextAreaElement> HTMLTextAreaElement::create(const QualifiedName& tagName, Document& document, HTMLFormElement* form) { auto textArea = adoptRef(*new HTMLTextAreaElement(tagName, document, form)); textArea->ensureUserAgentShadowRoot(); Does it mean that root cause of this crash is the absence of assigned slot for |node|? 1630144 3 rniwa 2020-03-14 23:42:59 -0700 (In reply to Eugene But from comment #2) > > |node| is WebCoreText with whitespace value (" "), but the browser also > crashes with non-whitespace text. |node| has a parent (HTMLTextAreaElement), > and that parent has shadow root, but shadow root does not have an assigned > slot: > > > inline ComposedTreeAncestorIterator& > ComposedTreeAncestorIterator::traverseParent() > { > auto* parent = m_current->parentNode(); > ... > if (auto* shadowRoot = parent->shadowRoot()) { > m_current = shadowRoot->findAssignedSlot(*m_current); > return *this; > } > > The fact that HTMLTextAreaElement has shadow root seems correct: Yes, that's expected. > Ref<HTMLTextAreaElement> HTMLTextAreaElement::create(const QualifiedName& > tagName, Document& document, HTMLFormElement* form) > { > auto textArea = adoptRef(*new HTMLTextAreaElement(tagName, document, > form)); > textArea->ensureUserAgentShadowRoot(); > > Does it mean that root cause of this crash is the absence of assigned slot > for |node|? No, that on its own is not an issue. In fact, some shadow trees would never have a slot. The bug here is that we're missing nullptr check of value in ApplyStyleCommand::computedFontSize. Pinki (cc'ed) and I were investigating investigating this bug yesterday, and we concluded that we want to add a null check here. 1630349 4 eugenebut 2020-03-16 09:38:43 -0700 Thanks for the update. I'm trying to learn more about WebKit and information like this is very useful. 1630375 5 393663 pgyanchandani 2020-03-16 10:54:49 -0700 Created attachment 393663 Patch 1630438 6 393677 pgyanchandani 2020-03-16 13:14:41 -0700 Created attachment 393677 Patch 1630440 7 393677 pgyanchandani 2020-03-16 13:16:10 -0700 Comment on attachment 393677 Patch Updated Reviewed By section in Change log. Kindly commit the patch 1630459 8 393677 rniwa 2020-03-16 14:14:00 -0700 Comment on attachment 393677 Patch View in context: https://bugs.webkit.org/attachment.cgi?id=393677&action=review > Source/WebCore/ChangeLog:6 > + Reviewed by Alex Christensen. You need to revert this. > LayoutTests/ChangeLog:6 > + Reviewed by Alex Christensen. Ditto. 1630462 9 393677 achristensen 2020-03-16 14:17:04 -0700 Comment on attachment 393677 Patch View in context: https://bugs.webkit.org/attachment.cgi?id=393677&action=review >> Source/WebCore/ChangeLog:6 >> + Reviewed by Alex Christensen. > > You need to revert this. Why? I did review it. 1630463 10 rniwa 2020-03-16 14:24:07 -0700 This is not a security bug. 1630489 11 393663 commit-queue 2020-03-16 15:10:39 -0700 Comment on attachment 393663 Patch Clearing flags on attachment: 393663 Committed r258522: <https://trac.webkit.org/changeset/258522> 1630490 12 commit-queue 2020-03-16 15:10:41 -0700 All reviewed patches have been landed. Closing bug. 391864 2020-02-27 07:34:25 -0800 2020-02-27 07:34:25 -0800 Minimal test case primitive-value.html text/html 431 ajuma aAo8c2NyaXB0Pgpkb2N1bWVudC5kZXNpZ25Nb2RlID0gJ29uJzsKICBkb2N1bWVudC5leGVjQ29t bWFuZCgic2VsZWN0QWxsIik7CiAgZG9jdW1lbnQuZXhlY0NvbW1hbmQoIkluc2VydEhUTUwiLGZh bHNlLCI8ZGl2PlRoaXMgdGVzdCBjaGVja3MgdGhhdCBwYXNpbmcgaW4gYSBjb21iaW5hdGlvbiBv ZiBuZXN0ZWQgYmxvY2tzIHdoZXJlIG9uZSBzdGFydHMgd2l0aCBhIHRleHQgZmllbGQgZG9lc24n dCBjcmFzaCBvciBmYWlsIGFzc2VydGlvbnMuPC9kaXY+XG48ZGl2PlxuPGRpdj5cbjx0ZXh0YXJl YT4gPC90ZXh0YXJlYT4gXG48c3Bhbj54PC9zcGFuPlxuPC9kaXY+XG48L2Rpdj4iKTsKICBkb2N1 bWVudC5leGVjQ29tbWFuZCgic2VsZWN0QWxsIik7CiAgZG9jdW1lbnQuZXhlY0NvbW1hbmQoIkZv bnRTaXplRGVsdGEiLGZhbHNlLDMpOwo8L3NjcmlwdD4= 393663 2020-03-16 10:54:49 -0700 2020-03-16 15:10:39 -0700 Patch bug-208309-20200316105448.patch text/plain 3583 pgyanchandani U3VidmVyc2lvbiBSZXZpc2lvbjogMjU4MjIyCmRpZmYgLS1naXQgYS9Tb3VyY2UvV2ViQ29yZS9D aGFuZ2VMb2cgYi9Tb3VyY2UvV2ViQ29yZS9DaGFuZ2VMb2cKaW5kZXggNzc1ZjNhNzViNjEyY2Jh ZDZhYjI5YjVjN2NlOTU3MzM2ZjQ5OWNlYS4uNjNkZTMwMzQ1NzVkMDNlNDE4YjAzOGViODA4ZmZl NzhkNDk1MWNkOSAxMDA2NDQKLS0tIGEvU291cmNlL1dlYkNvcmUvQ2hhbmdlTG9nCisrKyBiL1Nv dXJjZS9XZWJDb3JlL0NoYW5nZUxvZwpAQCAtMSwzICsxLDE3IEBACisyMDIwLTAzLTE2ICBQaW5r aSBHeWFuY2hhbmRhbmkgIDxwZ3lhbmNoYW5kYW5pQGFwcGxlLmNvbT4KKworICAgICAgICBDcmFz aCBpbiBDU1NWYWx1ZTo6aXNQcmltaXRpdmVWYWx1ZQorICAgICAgICBodHRwczovL2J1Z3Mud2Vi a2l0Lm9yZy9zaG93X2J1Zy5jZ2k/aWQ9MjA4MzA5CisKKyAgICAgICAgUmV2aWV3ZWQgYnkgTk9C T0RZIChPT1BTISkuCisKKyAgICAgICAgQWRkZWQgYSBOVUxMIGNoZWNrIGJlZm9yZSBkZXJlZmVy ZW5jaW5nIHZhbHVlIGluIEFwcGx5U3R5bGVDb21tYW5kOjpjb21wdXRlZEZvbnRTaXplCisKKyAg ICAgICAgVGVzdDogZWRpdGluZy9leGVjQ29tbWFuZC9wcmltaXRpdmUtdmFsdWUuaHRtbAorCisg ICAgICAgICogZWRpdGluZy9BcHBseVN0eWxlQ29tbWFuZC5jcHA6CisgICAgICAgIChXZWJDb3Jl OjpBcHBseVN0eWxlQ29tbWFuZDo6Y29tcHV0ZWRGb250U2l6ZSk6CisKIDIwMjAtMDMtMTAgIEpl ciBOb2JsZSAgPGplci5ub2JsZUBhcHBsZS5jb20+CiAKICAgICAgICAgQWRkIGxvZ2dpbmcgZm9y IE1vZGVybiBFTUUgbWV0aG9kcy4KZGlmZiAtLWdpdCBhL1NvdXJjZS9XZWJDb3JlL2VkaXRpbmcv QXBwbHlTdHlsZUNvbW1hbmQuY3BwIGIvU291cmNlL1dlYkNvcmUvZWRpdGluZy9BcHBseVN0eWxl Q29tbWFuZC5jcHAKaW5kZXggNTJlNmU0ZTBiMTdkZGY5MGRkMWJlYjVlZGQ5MWMwMDE1ZGEzMjk3 NC4uYTgzZjBjZGU0MjVmYWQwNmUwOTM1ZWNiNzg0NWRmYjJiOTAzOTY1NCAxMDA2NDQKLS0tIGEv U291cmNlL1dlYkNvcmUvZWRpdGluZy9BcHBseVN0eWxlQ29tbWFuZC5jcHAKKysrIGIvU291cmNl L1dlYkNvcmUvZWRpdGluZy9BcHBseVN0eWxlQ29tbWFuZC5jcHAKQEAgLTE0OTcsNiArMTQ5Nyw4 IEBAIGZsb2F0IEFwcGx5U3R5bGVDb21tYW5kOjpjb21wdXRlZEZvbnRTaXplKE5vZGUqIG5vZGUp CiAgICAgICAgIHJldHVybiAwOwogCiAgICAgYXV0byB2YWx1ZSA9IENvbXB1dGVkU3R5bGVFeHRy YWN0b3Iobm9kZSkucHJvcGVydHlWYWx1ZShDU1NQcm9wZXJ0eUZvbnRTaXplKTsKKyAgICBpZiAo IXZhbHVlKQorICAgICAgICByZXR1cm4gMDsKICAgICByZXR1cm4gZG93bmNhc3Q8Q1NTUHJpbWl0 aXZlVmFsdWU+KCp2YWx1ZSkuZmxvYXRWYWx1ZShDU1NVbml0VHlwZTo6Q1NTX1BYKTsKIH0KIApk aWZmIC0tZ2l0IGEvTGF5b3V0VGVzdHMvQ2hhbmdlTG9nIGIvTGF5b3V0VGVzdHMvQ2hhbmdlTG9n CmluZGV4IGEzNjY3MjM1NjAwYjQxZDc2YTQ0NzA2ZDNlOWIxY2IwNjE1NDQ3MjkuLmJiMDM5NDc4 ZTM2ODYzNzY2NTJjNzZlNjBhYmNmZDM3MDdlZWVmNGYgMTAwNjQ0Ci0tLSBhL0xheW91dFRlc3Rz L0NoYW5nZUxvZworKysgYi9MYXlvdXRUZXN0cy9DaGFuZ2VMb2cKQEAgLTEsMyArMSwxNSBAQAor MjAyMC0wMy0xNiAgUGlua2kgR3lhbmNoYW5kYW5pICA8cGd5YW5jaGFuZGFuaUBhcHBsZS5jb20+ CisKKyAgICAgICAgQ3Jhc2ggaW4gQ1NTVmFsdWU6OmlzUHJpbWl0aXZlVmFsdWUKKyAgICAgICAg aHR0cHM6Ly9idWdzLndlYmtpdC5vcmcvc2hvd19idWcuY2dpP2lkPTIwODMwOQorCisgICAgICAg IFJldmlld2VkIGJ5IE5PQk9EWSAoT09QUyEpLgorCisgICAgICAgIEFkZGVkIGEgdGVzdGNhc2Ug YXR0YWNoZWQgdG8gYnVnemlsbGEgaXNzdWUgMjA4MzA5LCB3aXRoIGxpdHRsZSBtb2RpZmljYXRp b24uIAorCisgICAgICAgICogZWRpdGluZy9leGVjQ29tbWFuZC9wcmltaXRpdmUtdmFsdWUtZXhw ZWN0ZWQudHh0OiBBZGRlZC4KKyAgICAgICAgKiBlZGl0aW5nL2V4ZWNDb21tYW5kL3ByaW1pdGl2 ZS12YWx1ZS5odG1sOiBBZGRlZC4KKwogMjAyMC0wMy0xMCAgRGllZ28gUGlubyBHYXJjaWEgIDxk cGlub0BpZ2FsaWEuY29tPgogCiAgICAgICAgIFtXUEVdIEdhcmRlbmluZywgZW1pdCBuZXcgYmFz ZWxpbmVzIG9mIFdlYkdMIDEuMC4zIGNvbmZvcm1hbmNlIHRlc3RzCmRpZmYgLS1naXQgYS9MYXlv dXRUZXN0cy9lZGl0aW5nL2V4ZWNDb21tYW5kL3ByaW1pdGl2ZS12YWx1ZS1leHBlY3RlZC50eHQg Yi9MYXlvdXRUZXN0cy9lZGl0aW5nL2V4ZWNDb21tYW5kL3ByaW1pdGl2ZS12YWx1ZS1leHBlY3Rl ZC50eHQKbmV3IGZpbGUgbW9kZSAxMDA2NDQKaW5kZXggMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAw MDAwMDAwMDAwMDAwMDAwMC4uNDIyZjJhOGFjMjZlN2MwYzUyNTZlMTY0YTNhMDEyZmQyMTEwNDhk MwotLS0gL2Rldi9udWxsCisrKyBiL0xheW91dFRlc3RzL2VkaXRpbmcvZXhlY0NvbW1hbmQvcHJp bWl0aXZlLXZhbHVlLWV4cGVjdGVkLnR4dApAQCAtMCwwICsxIEBACitUaGlzIHRlc3QgY2hlY2tz IHRoYXQgcGFzaW5nIGluIGEgY29tYmluYXRpb24gb2YgbmVzdGVkIGJsb2NrcyB3aGVyZSBvbmUg c3RhcnRzIHdpdGggYSB0ZXh0IGZpZWxkIGRvZXNuJ3QgY3Jhc2ggb3IgZmFpbCBhc3NlcnRpb25z LiB4CmRpZmYgLS1naXQgYS9MYXlvdXRUZXN0cy9lZGl0aW5nL2V4ZWNDb21tYW5kL3ByaW1pdGl2 ZS12YWx1ZS5odG1sIGIvTGF5b3V0VGVzdHMvZWRpdGluZy9leGVjQ29tbWFuZC9wcmltaXRpdmUt dmFsdWUuaHRtbApuZXcgZmlsZSBtb2RlIDEwMDY0NAppbmRleCAwMDAwMDAwMDAwMDAwMDAwMDAw MDAwMDAwMDAwMDAwMDAwMDAwMDAwLi5kNDZkMzk3YWIzZDE5MWY4MmI0YWUyY2UyOGU1MzU2Zjk2 YmRkMDYxCi0tLSAvZGV2L251bGwKKysrIGIvTGF5b3V0VGVzdHMvZWRpdGluZy9leGVjQ29tbWFu ZC9wcmltaXRpdmUtdmFsdWUuaHRtbApAQCAtMCwwICsxLDE4IEBACis8IURPQ1RZUEUgaHRtbD4K KzxodG1sPgorPHNjcmlwdD4KKworZnVuY3Rpb24gcHJpbVZhbHVlVGVzdCgpIHsKKyAgICBpZiAo d2luZG93LnRlc3RSdW5uZXIpCisgICAgICAgIHRlc3RSdW5uZXIuZHVtcEFzVGV4dCgpOworCisg ICAgZG9jdW1lbnQuZGVzaWduTW9kZSA9ICdvbic7CisgICAgZG9jdW1lbnQuZXhlY0NvbW1hbmQo InNlbGVjdEFsbCIpOworICAgIGRvY3VtZW50LmV4ZWNDb21tYW5kKCJJbnNlcnRIVE1MIixmYWxz ZSwiVGhpcyB0ZXN0IGNoZWNrcyB0aGF0IHBhc2luZyBpbiBhIGNvbWJpbmF0aW9uIG9mIG5lc3Rl ZCBibG9ja3Mgd2hlcmUgb25lIHN0YXJ0cyB3aXRoIGEgdGV4dCBmaWVsZCBkb2Vzbid0IGNyYXNo IG9yIGZhaWwgYXNzZXJ0aW9ucy48dGV4dGFyZWE+IDwvdGV4dGFyZWE+IFxuPHNwYW4+eDwvc3Bh bj5cbiIpOworICAgIGRvY3VtZW50LmV4ZWNDb21tYW5kKCJzZWxlY3RBbGwiKTsKKyAgICBkb2N1 bWVudC5leGVjQ29tbWFuZCgiRm9udFNpemVEZWx0YSIsZmFsc2UsMyk7Cit9Cis8L3NjcmlwdD4K Kzxib2R5IG9ubG9hZD1wcmltVmFsdWVUZXN0KCk+Cis8L2JvZHk+Cis8L2h0bWw+Cg== 393677 2020-03-16 13:14:41 -0700 2020-03-16 14:15:03 -0700 Patch bug-208309-20200316131440.patch text/plain 3587 pgyanchandani U3VidmVyc2lvbiBSZXZpc2lvbjogMjU4MjIyCmRpZmYgLS1naXQgYS9Tb3VyY2UvV2ViQ29yZS9D aGFuZ2VMb2cgYi9Tb3VyY2UvV2ViQ29yZS9DaGFuZ2VMb2cKaW5kZXggNzc1ZjNhNzViNjEyY2Jh ZDZhYjI5YjVjN2NlOTU3MzM2ZjQ5OWNlYS4uZGNmNWJlYTE4MjRhYmEzZGVlNDdmN2EwNDlmNDgz YWQ1YTc2ZmI4MiAxMDA2NDQKLS0tIGEvU291cmNlL1dlYkNvcmUvQ2hhbmdlTG9nCisrKyBiL1Nv dXJjZS9XZWJDb3JlL0NoYW5nZUxvZwpAQCAtMSwzICsxLDE3IEBACisyMDIwLTAzLTE2ICBQaW5r aSBHeWFuY2hhbmRhbmkgIDxwZ3lhbmNoYW5kYW5pQGFwcGxlLmNvbT4KKworICAgICAgICBDcmFz aCBpbiBDU1NWYWx1ZTo6aXNQcmltaXRpdmVWYWx1ZQorICAgICAgICBodHRwczovL2J1Z3Mud2Vi a2l0Lm9yZy9zaG93X2J1Zy5jZ2k/aWQ9MjA4MzA5CisKKyAgICAgICAgUmV2aWV3ZWQgYnkgQWxl eCBDaHJpc3RlbnNlbi4KKworICAgICAgICBBZGRlZCBhIE5VTEwgY2hlY2sgYmVmb3JlIGRlcmVm ZXJlbmNpbmcgdmFsdWUgaW4gQXBwbHlTdHlsZUNvbW1hbmQ6OmNvbXB1dGVkRm9udFNpemUKKwor ICAgICAgICBUZXN0OiBlZGl0aW5nL2V4ZWNDb21tYW5kL3ByaW1pdGl2ZS12YWx1ZS5odG1sCisK KyAgICAgICAgKiBlZGl0aW5nL0FwcGx5U3R5bGVDb21tYW5kLmNwcDoKKyAgICAgICAgKFdlYkNv cmU6OkFwcGx5U3R5bGVDb21tYW5kOjpjb21wdXRlZEZvbnRTaXplKToKKwogMjAyMC0wMy0xMCAg SmVyIE5vYmxlICA8amVyLm5vYmxlQGFwcGxlLmNvbT4KIAogICAgICAgICBBZGQgbG9nZ2luZyBm b3IgTW9kZXJuIEVNRSBtZXRob2RzLgpkaWZmIC0tZ2l0IGEvU291cmNlL1dlYkNvcmUvZWRpdGlu Zy9BcHBseVN0eWxlQ29tbWFuZC5jcHAgYi9Tb3VyY2UvV2ViQ29yZS9lZGl0aW5nL0FwcGx5U3R5 bGVDb21tYW5kLmNwcAppbmRleCA1MmU2ZTRlMGIxN2RkZjkwZGQxYmViNWVkZDkxYzAwMTVkYTMy OTc0Li5hODNmMGNkZTQyNWZhZDA2ZTA5MzVlY2I3ODQ1ZGZiMmI5MDM5NjU0IDEwMDY0NAotLS0g YS9Tb3VyY2UvV2ViQ29yZS9lZGl0aW5nL0FwcGx5U3R5bGVDb21tYW5kLmNwcAorKysgYi9Tb3Vy Y2UvV2ViQ29yZS9lZGl0aW5nL0FwcGx5U3R5bGVDb21tYW5kLmNwcApAQCAtMTQ5Nyw2ICsxNDk3 LDggQEAgZmxvYXQgQXBwbHlTdHlsZUNvbW1hbmQ6OmNvbXB1dGVkRm9udFNpemUoTm9kZSogbm9k ZSkKICAgICAgICAgcmV0dXJuIDA7CiAKICAgICBhdXRvIHZhbHVlID0gQ29tcHV0ZWRTdHlsZUV4 dHJhY3Rvcihub2RlKS5wcm9wZXJ0eVZhbHVlKENTU1Byb3BlcnR5Rm9udFNpemUpOworICAgIGlm ICghdmFsdWUpCisgICAgICAgIHJldHVybiAwOwogICAgIHJldHVybiBkb3duY2FzdDxDU1NQcmlt aXRpdmVWYWx1ZT4oKnZhbHVlKS5mbG9hdFZhbHVlKENTU1VuaXRUeXBlOjpDU1NfUFgpOwogfQog CmRpZmYgLS1naXQgYS9MYXlvdXRUZXN0cy9DaGFuZ2VMb2cgYi9MYXlvdXRUZXN0cy9DaGFuZ2VM b2cKaW5kZXggYTM2NjcyMzU2MDBiNDFkNzZhNDQ3MDZkM2U5YjFjYjA2MTU0NDcyOS4uMDFlZDA4 ZjRkZmY1MTRiODRiMDliNzVhMDU3YTAyMWY4YTljZjM2MCAxMDA2NDQKLS0tIGEvTGF5b3V0VGVz dHMvQ2hhbmdlTG9nCisrKyBiL0xheW91dFRlc3RzL0NoYW5nZUxvZwpAQCAtMSwzICsxLDE1IEBA CisyMDIwLTAzLTE2ICBQaW5raSBHeWFuY2hhbmRhbmkgIDxwZ3lhbmNoYW5kYW5pQGFwcGxlLmNv bT4KKworICAgICAgICBDcmFzaCBpbiBDU1NWYWx1ZTo6aXNQcmltaXRpdmVWYWx1ZQorICAgICAg ICBodHRwczovL2J1Z3Mud2Via2l0Lm9yZy9zaG93X2J1Zy5jZ2k/aWQ9MjA4MzA5CisKKyAgICAg ICAgUmV2aWV3ZWQgYnkgQWxleCBDaHJpc3RlbnNlbi4KKworICAgICAgICBBZGRlZCBhIHRlc3Rj YXNlIGF0dGFjaGVkIHRvIGJ1Z3ppbGxhIGlzc3VlIDIwODMwOSwgd2l0aCBsaXR0bGUgbW9kaWZp Y2F0aW9uLiAKKworICAgICAgICAqIGVkaXRpbmcvZXhlY0NvbW1hbmQvcHJpbWl0aXZlLXZhbHVl LWV4cGVjdGVkLnR4dDogQWRkZWQuCisgICAgICAgICogZWRpdGluZy9leGVjQ29tbWFuZC9wcmlt aXRpdmUtdmFsdWUuaHRtbDogQWRkZWQuCisKIDIwMjAtMDMtMTAgIERpZWdvIFBpbm8gR2FyY2lh ICA8ZHBpbm9AaWdhbGlhLmNvbT4KIAogICAgICAgICBbV1BFXSBHYXJkZW5pbmcsIGVtaXQgbmV3 IGJhc2VsaW5lcyBvZiBXZWJHTCAxLjAuMyBjb25mb3JtYW5jZSB0ZXN0cwpkaWZmIC0tZ2l0IGEv TGF5b3V0VGVzdHMvZWRpdGluZy9leGVjQ29tbWFuZC9wcmltaXRpdmUtdmFsdWUtZXhwZWN0ZWQu dHh0IGIvTGF5b3V0VGVzdHMvZWRpdGluZy9leGVjQ29tbWFuZC9wcmltaXRpdmUtdmFsdWUtZXhw ZWN0ZWQudHh0Cm5ldyBmaWxlIG1vZGUgMTAwNjQ0CmluZGV4IDAwMDAwMDAwMDAwMDAwMDAwMDAw MDAwMDAwMDAwMDAwMDAwMDAwMDAuLjQyMmYyYThhYzI2ZTdjMGM1MjU2ZTE2NGEzYTAxMmZkMjEx MDQ4ZDMKLS0tIC9kZXYvbnVsbAorKysgYi9MYXlvdXRUZXN0cy9lZGl0aW5nL2V4ZWNDb21tYW5k L3ByaW1pdGl2ZS12YWx1ZS1leHBlY3RlZC50eHQKQEAgLTAsMCArMSBAQAorVGhpcyB0ZXN0IGNo ZWNrcyB0aGF0IHBhc2luZyBpbiBhIGNvbWJpbmF0aW9uIG9mIG5lc3RlZCBibG9ja3Mgd2hlcmUg b25lIHN0YXJ0cyB3aXRoIGEgdGV4dCBmaWVsZCBkb2Vzbid0IGNyYXNoIG9yIGZhaWwgYXNzZXJ0 aW9ucy4geApkaWZmIC0tZ2l0IGEvTGF5b3V0VGVzdHMvZWRpdGluZy9leGVjQ29tbWFuZC9wcmlt aXRpdmUtdmFsdWUuaHRtbCBiL0xheW91dFRlc3RzL2VkaXRpbmcvZXhlY0NvbW1hbmQvcHJpbWl0 aXZlLXZhbHVlLmh0bWwKbmV3IGZpbGUgbW9kZSAxMDA2NDQKaW5kZXggMDAwMDAwMDAwMDAwMDAw MDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMC4uZDQ2ZDM5N2FiM2QxOTFmODJiNGFlMmNlMjhlNTM1 NmY5NmJkZDA2MQotLS0gL2Rldi9udWxsCisrKyBiL0xheW91dFRlc3RzL2VkaXRpbmcvZXhlY0Nv bW1hbmQvcHJpbWl0aXZlLXZhbHVlLmh0bWwKQEAgLTAsMCArMSwxOCBAQAorPCFET0NUWVBFIGh0 bWw+Cis8aHRtbD4KKzxzY3JpcHQ+CisKK2Z1bmN0aW9uIHByaW1WYWx1ZVRlc3QoKSB7CisgICAg aWYgKHdpbmRvdy50ZXN0UnVubmVyKQorICAgICAgICB0ZXN0UnVubmVyLmR1bXBBc1RleHQoKTsK KworICAgIGRvY3VtZW50LmRlc2lnbk1vZGUgPSAnb24nOworICAgIGRvY3VtZW50LmV4ZWNDb21t YW5kKCJzZWxlY3RBbGwiKTsKKyAgICBkb2N1bWVudC5leGVjQ29tbWFuZCgiSW5zZXJ0SFRNTCIs ZmFsc2UsIlRoaXMgdGVzdCBjaGVja3MgdGhhdCBwYXNpbmcgaW4gYSBjb21iaW5hdGlvbiBvZiBu ZXN0ZWQgYmxvY2tzIHdoZXJlIG9uZSBzdGFydHMgd2l0aCBhIHRleHQgZmllbGQgZG9lc24ndCBj cmFzaCBvciBmYWlsIGFzc2VydGlvbnMuPHRleHRhcmVhPiA8L3RleHRhcmVhPiBcbjxzcGFuPng8 L3NwYW4+XG4iKTsKKyAgICBkb2N1bWVudC5leGVjQ29tbWFuZCgic2VsZWN0QWxsIik7CisgICAg ZG9jdW1lbnQuZXhlY0NvbW1hbmQoIkZvbnRTaXplRGVsdGEiLGZhbHNlLDMpOworfQorPC9zY3Jp cHQ+Cis8Ym9keSBvbmxvYWQ9cHJpbVZhbHVlVGVzdCgpPgorPC9ib2R5PgorPC9odG1sPgo=